Graphical user interface privacy, security and anonymization

ABSTRACT

A method, computer system, and a computer program product for restricting and anonymizing a graphical user interface for a remote access session is provided. The present invention may include determining a plurality of appropriate permissions for the graphical user interface of a client computer for fixing a problem. The present invention may also include determining a plurality of restricted graphical user interface panels associated with the graphical user interface, wherein the determined plurality of restricted graphical user interface panels includes a minimum access level for the third party to fix the problem.

BACKGROUND

The present invention relates generally to the field of computing, andmore particularly to computer security.

When supporting, for example, storage systems, server or softwareproducts used by customers, many problems can be diagnosed and resolvedby allowing remote desktop access in which a support engineer analyzesthe issue and provides action plans to the customer to resolve theissue. With more difficult problems, the support engineer may remotelyaccess the system graphical user interface (GUI) to diagnose and resolvethe problem.

Some customers, however, are unwilling to allow remote access todiagnose and fix these issues due to security concerns. Some concernsare that an intruder could obtain unauthorized access and manipulate thesystem, retrieve customer confidential data, corrupt customer data, orchange the system without the knowledge of the customer. Other concernsare that a third party could obtain more privileges or access than whatare essential to perform an intended task or function.

SUMMARY

Embodiments of the present invention disclose a method, computer system,and a computer program product for restricting and anonymizing agraphical user interface for a remote access session. The presentinvention may include determining a plurality of appropriate permissionsfor the graphical user interface of a client computer for fixing aproblem, wherein the determined plurality of appropriate permissions isstructured based on the problem by a plurality of error messages,wherein the plurality of error messages includes one or more sets ofif-then protocols, wherein a plurality of sensitive data is determinedwithin the graphical user interface based on the determined plurality ofappropriate permissions, wherein the determined plurality of sensitivedata is anonymized. The present invention may also include determining aplurality of restricted graphical user interface panels associated withthe graphical user interface, wherein the determined plurality ofrestricted graphical user interface panels includes a minimum accesslevel for the third party to fix the problem.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

These and other objects, features and advantages of the presentinvention will become apparent from the following detailed descriptionof illustrative embodiments thereof, which is to be read in connectionwith the accompanying drawings. The various features of the drawings arenot to scale as the illustrations are for clarity in facilitating oneskilled in the art in understanding the invention in conjunction withthe detailed description. In the drawings:

FIG. 1 illustrates a networked computer environment according to atleast one embodiment;

FIG. 2 is an operational flowchart illustrating a process forrestricting and anonymizing GUI for remote access according to at leastone embodiment;

FIG. 3 is a block diagram of internal and external components ofcomputers and servers depicted in FIG. 1 according to at least oneembodiment;

FIG. 4 is a block diagram of an illustrative cloud computing environmentincluding the computer system depicted in FIG. 1, in accordance with anembodiment of the present disclosure; and

FIG. 5 is a block diagram of functional layers of the illustrative cloudcomputing environment of FIG. 4, in accordance with an embodiment of thepresent disclosure.

DETAILED DESCRIPTION

Detailed embodiments of the claimed structures and methods are disclosedherein; however, it can be understood that the disclosed embodiments aremerely illustrative of the claimed structures and methods that may beembodied in various forms. This invention may, however, be embodied inmany different forms and should not be construed as limited to theexemplary embodiments set forth herein. Rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete and will fully convey the scope of this invention to thoseskilled in the art. In the description, details of well-known featuresand techniques may be omitted to avoid unnecessarily obscuring thepresented embodiments.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language, Python programminglanguage, or similar programming languages. The computer readableprogram instructions may execute entirely on the user's computer, partlyon the user's computer, as a stand-alone software package, partly on theuser's computer and partly on a remote computer or entirely on theremote computer or server. In the latter scenario, the remote computermay be connected to the user's computer through any type of network,including a local area network (LAN) or a wide area network (WAN), orthe connection may be made to an external computer (for example, throughthe Internet using an Internet Service Provider). In some embodiments,electronic circuitry including, for example, programmable logiccircuitry, field-programmable gate arrays (FPGA), or programmable logicarrays (PLA) may execute the computer readable program instructions byutilizing state information of the computer readable programinstructions to personalize the electronic circuitry, in order toperform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be accomplished as one step, executed concurrently,substantially concurrently, in a partially or wholly temporallyoverlapping manner, or the blocks may sometimes be executed in thereverse order, depending upon the functionality involved. It will alsobe noted that each block of the block diagrams and/or flowchartillustration, and combinations of blocks in the block diagrams and/orflowchart illustration, can be implemented by special purposehardware-based systems that perform the specified functions or acts orcarry out combinations of special purpose hardware and computerinstructions.

The following described exemplary embodiments provide a system, methodand program product for restricting and anonymizing graphical userinterfaces (i.e., GUI). As such, the present embodiment has the capacityto improve the technical field of computer security by permitting theuser to anonymize the GUI or restrict access to the GUI for privacy andsecurity purposes when another person remotely accesses the clientcomputer of a customer system administrator. More specifically, the GUIrestriction and anonymization program may receive a remote accessrequest from a third party requesting remote access of the clientcomputer to diagnose and fix a computer-related issue. Before the GUIrestriction and anonymization program grants access to the third party,a known cognitive processing system may be utilized to diagnose the useand determine the appropriate access (i.e., permissions) that may begranted to the third party. The GUI restriction and anonymizationprogram then contacts the customer system administrator to confirm thecomputer-related issue and for the customer system administrator todetermine whether to temporarily change the permissions. Depending onthe responses of the customer system administrator, the remote accesssession may commence in which the third party may be granted limitedaccess to the client computer. If the issue is resolved, then the remoteaccess session may be terminated and the temporary permission changesmay automatically expire and reverted to the original permissions. Ifthe problem is not resolved, then the remote access session may beterminated and the customer system administrator may elect to continueto GUI restriction and anonymization program to resolve the issue.

As described previously, when supporting, for example, storage systems,server or software products used by customers, many problems can bediagnosed and resolved by allowing remote desktop access in which asupport engineer analyzes the issue and provides action plans to thecustomer to resolve the issue. With more difficult problems, the supportengineer may remotely access the system graphical user interface (GUI)to diagnose and resolve the problem.

Some customers, however, are unwilling to allow remote access todiagnose and fix these issues due to security concerns. Some concernsare that an intruder could obtain unauthorized access and manipulate thesystem, retrieve customer confidential data, corrupt customer data, orchange the system without the knowledge of the customer. Other concernsare that a third party could obtain more privileges or access than whatare essential to perform an intended task or function. Therefore,support engineers have to resort to less effective methods, which aretime-consuming, error-prone and insecure, as alternatives to remotedesktop access.

Therefore, it may be advantageous to, among other things, provide amethod, computer system or computer program product for increasingcustomer control over remote desktop support thereby allowing customerprivacy, while allowing the support engineers to utilize remote desktopaccess to diagnose and fix issues with the remote computer.

According to at least one embodiment, the GUI may be anonymized byeliminating or replacing private information with predefined data.Whenever the customer system administrator may suspect acomputer-related issue, the customer system administrator may allow theremote support engineer to access the GUI. The GUI may have an optionfor the customer system administrator to select which part of the GUIshould be restricted or modified by depersonalizing the terms byrenaming certain files, removing or replacing the company name,filtering (e.g., deleting customer private information), and replacinginternet protocol (IP) addresses by default ranges in the view. Thecustomer system administrator may restrict or modify the access grantedto remote support engineer by utilizing predefined options, such as,suppressing the network configuration information and transmissioncontrol protocol/internet protocol (TCP/IP), removing personalizedinformation, and obfuscating name information. In addition, a companyname may be eliminated on each screen or IP addresses may be replaced byalias IP addresses.

According to at least one embodiment, the customer system administratormay restrict GUI access prohibiting actions by a third party (i.e.,intruder, hacker or remote support engineer) without the approval of thecustomer system administrator. Each action that may change the behaviorof the system may be protected by a password to be entered by thecustomer system administrator. Whenever the third party may attempt tochange such configurations, the customer system administrator may entera predefined password to allow the third party to proceed with thechange. This approach may protect against manipulation of the systemconfiguration without the approval of the customer system administrator,and may promote a privacy option with the remote connection. Accordingto at least one other embodiment, an approval step in the action takenby the third party may limit the risk of action against the rules of thecustomer system administrator, similar to the change process. Forexample, some GUI panels may be hidden or inaccessible, while other GUIpanels are protected by a password to be entered by the customer systemadministrator.

The present embodiment may include a range of restricting options fromrestricting the complete configuration panels down to a specific option,such as a single IP address within a configuration panel. According toat least one embodiment, restricting the GUI may be defined for aspecific service user role, which holds the predefined configuration forindividual remote support users/groups that can be reused for furtherremote support sessions. Therefore, restriction of the GUI may allow thecustomer system administrator to capture the history of givenpermissions and the logging of changes for reuse in the future to givethe option to the customer system administrator to allow the access aswas given before without approval.

According to at least one embodiment, permissions and obfuscation may bestructured based on specific problem types. The structure may be drivenby error messages from the GUI restriction and anonymization program,including a set of if-then protocols (e.g., runbooks), or the input of acognitive processing system in which multiple processes could be appliedat once. The cognitive processing system may utilize computingtechnology (e.g., Watson Analytics™, Watson Analytics and all WatsonAnalytics-based trademarks and logos are trademarks or registeredtrademarks of International Business Machines Corporation and/or itsaffiliates) to analyze the client computer and diagnose the issue withthe client computer.

The present embodiment may include obtaining permissions and informationbased on the appropriate stage in the process. As the third partyattempts to gain access to restrictive GUI panels of the clientcomputer, the permission and information may reveal changes accordingly.Such progression of permissions may be a part of the troubleshooting orrepair process undertaken by the third party. According to at least oneembodiment, the level of obfuscation or access level may be derived fromthe level of access and the type of problem. For example, theprogression may start with just showing an obfuscated IP Address, thento showing that multiple IP addresses may be a common subnet, torevealing the actual address.

According to at least one embodiment, known algorithms may determinewhich values are sensitive. For privacy, the sensitivity of values maybe based on local regulations or norms of the geography. For security,the sensitivity of values may be based on the potential impact ofallowing permissions (e.g., potential harm that could be done from rootversus user access) or access to specific settings. This determinationmay be based on a set of policies, or on an analysis conducted by thecognitive processing system.

The present embodiment may include the cognitive processing systemprompting the customer system administrator to confirm the issue andinforming the customer system administrator which GUI panels of theclient computer may be accessed to fix the issue. Therefore, thecognitive processing system may restrict the options of, or deny accessto, a malicious actor (i.e., hacker, unauthorized user or intruder) whomay want a more intrusive access level rather than the minimal accessgiven to fix the issue. The third party may be granted the appropriatepermissions for fixing the issue rather than full access to the clientcomputer. According to at least one embodiment, the cognitive processingsystem may be an ongoing process that may continue during the remoteaccess session, as well as when the customer system administratordecides to temporarily change the permissions of the client computer.

According to at least one embodiment, the customer system administratormay change permissions during the remote access session with the thirdparty. Instead of obfuscating values (e.g., IP addresses, names,companies), the customer system administrator may conduct a search onthe client computer and prevent the loss of information obtained by thethird party. For example, all instances of 11.1.2.1 may be replaced withAddress1 so that the third party may observe that the same address maybe appearing multiple times. The obfuscated values may be implementedwith names, companies and other personal identifiers.

The present embodiment may include permitting the customer systemadministrator to specify with a continuum of options related to access.The customer system administrator may select or modify proposed logs,hide certain GUI panels, restrict all access to the GUI, or filter thecontent appropriately before or during a remote access session with thethird party. Therefore, the GUI restriction and anonymization programmay promote flexibility of the configuration, security and privacy forthe customer system administrator, and the customer system administratormay observe and act on previous protected content and menus during theremote access session.

According to at least one embodiment, the customer system administratormay select a trusted secondary person (i.e., manager, co-worker orfriend) to monitor remote access when the customer system administratoris unavailable. The GUI restriction and anonymization program may promptthe customer system administrator to confirm the problem presented bythe third party and to confirm the level of access necessary to fix theissue. In addition, the customer system administrator may temporarilychange the permissions (not the default settings) granted to the thirdparty. As such, for the situations in which the customer systemadministrator may be unavailable or unresponsive to electronic devicenotifications from the GUI restriction and anonymization program, thecustomer system administrator may elect a secondary person to receivesuch notifications. The secondary person may act as the customer systemadministrator by confirming the issue and temporarily changing thepermissions. The customer system administrator may, however, opt to“turn off” this option to notify a secondary person when the customersystem administrator is unavailable or unresponsive. Therefore, the GUIrestriction and anonymization program may not notify a secondary person,and the remote access session may terminate until the customer systemadministrator is available or responds to the GUI restriction andanonymization program.

Referring to FIG. 1, an exemplary networked computer environment 100 inaccordance with one embodiment is depicted. The networked computerenvironment 100 may include a computer 102 with a processor 104 and adata storage device 106 that is enabled to run a software program 108and a GUI restriction and anonymization program 110 a. The networkedcomputer environment 100 may also include a server 112 that is enabledto run a GUI restriction and anonymization program 110 b that mayinteract with a database 114 and a communication network 116. Thenetworked computer environment 100 may include a plurality of computers102 and servers 112, only one of which is shown. The communicationnetwork 116 may include various types of communication networks, such asa wide area network (WAN), local area network (LAN), a telecommunicationnetwork, a wireless network, a public switched network and/or asatellite network. It should be appreciated that FIG. 1 provides only anillustration of one implementation and does not imply any limitationswith regard to the environments in which different embodiments may beimplemented. Many modifications to the depicted environments may be madebased on design and implementation requirements.

The client computer 102 may communicate with the server computer 112 viathe communications network 116. The communications network 116 mayinclude connections, such as wire, wireless communication links, orfiber optic cables. As will be discussed with reference to FIG. 3,server computer 112 may include internal components 902 a and externalcomponents 904 a, respectively, and client computer 102 may includeinternal components 902 b and external components 904 b, respectively.Server computer 112 may also operate in a cloud computing service model,such as Software as a Service (SaaS), Analytics as a Service (AaaS),Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).Server 112 may also be located in a cloud computing deployment model,such as a private cloud, community cloud, public cloud, or hybrid cloud.Client computer 102 may be, for example, a mobile device, a telephone, apersonal digital assistant, a netbook, a laptop computer, a tabletcomputer, a desktop computer, or any type of computing devices capableof running a program, accessing a network, and accessing a database 114.According to various implementations of the present embodiment, the GUIrestriction and anonymization program 110 a, 110 b may interact with adatabase 114 that may be embedded in various storage devices, such as,but not limited to a computer/mobile device 102, a networked server 112,or a cloud storage service.

According to the present embodiment, a user using a client computer 102or a server computer 112 may use the GUI restriction and anonymizationprogram 110 a, 110 b (respectively) to permit the user to anonymize theGUI or restrict access to the GUI while another person remotely accessesthe user's computer system. The restricting and anonymizing GUI methodis explained in more detail below with respect to FIG. 2.

Referring now to FIG. 2, an operational flowchart illustrating theexemplary restricting and anonymizing GUI process for remote access 200used by the GUI restriction and anonymization program 110 a and 110 baccording to at least one embodiment is depicted.

At 202, a request for remote access is received. The GUI restriction andanonymization program 110 a and 110 b may receive a request sent by athird party (e.g., remote support representative) to access the GUIassociated with the client computer 102. Such a request for remoteaccess may be sent as a message to the customer system administrator(i.e., user) in which the GUI restriction and anonymization program 110a and 110 b may determine that a third party is attempting to access theGUI associated with the client computer 102. For example, the customersystem administrator is experiencing a problem with the client computer102 associated with the customer system administrator's work. The clientcomputer 102 periodically shuts off and the customer systemadministrator restarts the client computer 102 each time the clientcomputer 102 shuts off. The customer system administrator lost severalimportant documents that the customer system administrator spentcountless hours unsuccessfully attempting to retrieve. As a result, thecustomer system administrator contacted the vendor's IT department, andthe Tech Support representative decides to obtain remote access into theclient computer 102 to resolve the problem. The Tech Supportrepresentative, then, sends an access request to the client computer102.

Next, at 204, the GUI restriction and anonymization program 110 a and110 b determines the problem and permissions depending on the problem(i.e., issue) with the client computer 102. The cognitive processingsystem may utilize computing technology to analyze the client computer102 and diagnose the problem with the client computer 102. After thecognitive processing system diagnoses the problem, the cognitiveprocessing system may determine the appropriate permissions or accessthat the third party should obtain to fix the problem presented by thecognitive processing system. Permissions may include anonymizinginformation (e.g., company name, IP addresses), deletion of privateinformation, adding or removing passwords to sensitive data or parts ofthe client computer 102, hiding or restricting access until approval isobtained by the customer system administrator, and prohibiting systemconfiguration changes without approval of customer system administrator.As such, the GUI restriction and anonymization program 110 a and 110 bmay use the cognitive processing system to determine the minimum accesslevel that the third party may need to fix the problem, withoutaccessing the restricted level of access, or anonymized data orinformation. Continuing the previous example, the cognitive processingsystem analyzes the client computer 102, diagnoses the problemassociated with the client computer 102, and determines the appropriatepermissions to fix the problem. The cognitive processing systemdiagnoses that the several sensitive files located on the clientcomputer 102 may be infected. As such, the third party may have toobtain access to these sensitive files to fix the problem.

Then, at 206, the GUI restriction and anonymization program 110 a and110 b determines if the customer system administrator confirmed theproposed problem. The GUI restriction and anonymization program 110 aand 110 b may inform the customer system administrator (e.g., via adialog box) of the determined problem with the client computer 102 andprompt the customer system administrator to agree with the proposedproblem determined by the cognitive processing system. According to atleast one other embodiment, if the customer system administrator failsto confirm the proposed problem within a specific time previouslydefined by the customer system administrator, then the GUI restrictionand anonymization program 110 a and 110 b may determine that thecustomer system administrator is not at the client computer 102 and maynotify the customer system administrator via mobile device, email orother electronic methods that the attention of the customer systemadministrator may be necessary due to a request for remote access of theclient computer 102 associated with the customer system administrator.Regardless of whether the customer system administrator may be notifiedon the client computer 102 or by other electronic methods, the customersystem administrator may be presented with a brief explanation of theproposed problem provided by the cognitive processing system and maychoose to agree or disagree with the proposed problem. If the customersystem administrator is notified via other electronic methods, then thedialog box may be embedded in the notification. The dialog box mayinclude a brief explanation of the proposed problem, and “Agree” and“Disagree” buttons at the bottom of the dialog box. Therefore, thecustomer system administrator may decide to agree or disagree with theproposed problem provided by the cognitive processing system. After theGUI restriction and anonymization program 110 a and 110 b has determinedthat the customer system administrator has clicked to agree or disagreewith the proposed problem provided by the cognitive processing system,then the dialog box may disappear.

If the customer system administrator is unavailable, or fails to respondto the notification or prompt that the attention of the customer systemadministrator may be necessary due to a remote access request, then thecustomer system administrator may select a secondary person (i.e.,manager, trusted family member or trusted friend) to receivenotifications associated with a request for remote access of the clientcomputer 102 for the customer system administrator. The customer systemadministrator may define the specific amount of time that may lapsebefore the secondary person is notified. If the specific amount of timehas lapsed with no response from the customer system administrator, thenthe secondary person may be notified via electronic methods (e.g.,email, mobile device) that the secondary person has been designated bythe unresponsive customer system administrator, and the attention of thesecondary person may be necessary due to a remote access request to theclient computer 102 for the customer system administrator. The secondaryperson may be prompted with the same dialog box as the customer systemadministrator briefly explaining the proposed problem provided by thecognitive processing system, and the secondary person may choose toagree or disagree with the proposed problem.

If, however, the customer system administrator fails to designate asecondary person, or fails to select the option to designate a secondaryperson, then the remote access request may be declined. The third partyrequesting remote access and the customer system administrator may benotified that the remote access request has been declined since thecustomer system administrator has been unresponsive.

Continuing the previous example, the customer system administrator wasnot at the client computer 102. As such, the GUI restriction andanonymization program 110 a and 110 b sends an email notification to thecustomer system administrator. The customer system administrator,however, fails to respond within the predetermined 15 minutes after theemail notification was sent to the customer system administrator. Sincethe customer system administrator designated the department manager asthe secondary person, the GUI restriction and anonymization program 110a and 110 b sends an email notification to the department manager. Thedepartment manager promptly opens the email notification, which includesa message stating that the department manager has been designated by thecustomer system administrator as the secondary person. In addition, thedepartment manager's attention is requested due to a remote accessrequest to the client computer 102 for the customer systemadministrator. The email notification further includes a dialog box thatstates the proposed problem with the client computer 102 is that severalfiles are infected by a virus, and “Agree” and “Disagree” buttons at thebottom of the dialog box. The customer system administrator previouslyinformed the department manager of the recent problems with the clientcomputer 102. As such, the department manager promptly read the proposedproblem and clicked “Agree” to confirm the proposed problem with theclient computer 102. Then, the dialog box embedded in the emailnotification disappears.

If the GUI restriction and anonymization program 110 a and 110 bdetermines that the customer system administrator or the secondaryperson either disagrees with the proposed problem provided by thecognitive processing system, or fails to respond to the notification at206, then the GUI restriction and anonymization program 110 a and 110 bmay issue a temporary rejection of the remote access at 208. The thirdparty requesting remote access, the customer system administrator andsecondary person (if applicable) may receive a notification viaelectronic methods that the remote access has been temporarily rejected.The notification sent to the customer system administrator may includeinstructions on how to reinitiate the GUI restriction and anonymizationprogram 110 a and 110 b.

Continuing the previous example, if the department manager clicked the“Disagree” button to indicate that the department manager disagrees withthe proposed problem in the email notification, the customer systemadministrator never previously designated anyone as the secondaryperson, or the department manager failed to respond to the emailnotification within the previously determined 15 minutes after the emailnotification to the department manager was sent, then the GUIrestriction and anonymization program 110 a and 110 b may terminate, andthe third party access may be temporarily rejected. The customer systemadministrator, department manager (if designated as secondary person)and the third party requesting remote access may receive an emailnotification stating that remote access has been temporarily rejected.The email notification sent to the customer system administrator mayinclude instructions on how to reinitiate the GUI restriction andanonymization program 110 a and 110 b.

If, however, the GUI restriction and anonymization program 110 a and 110b determines the designated administrator (i.e., customer systemadministrator or secondary person, if applicable) agrees to the proposedproblem provided by the cognitive processing system at 206, then the GUIrestriction and anonymization program 110 a and 110 b determines if thedesignated administrator selects to temporarily change the permissionsgranted to the third party requesting remote access at 210. If thecustomer system administrator is at the client computer 102, then thecustomer system administrator may receive a dialog box on the screen.If, however, the designated administrator is not at the client computer102, then the designated administrator may be notified by electronicmethods in which the dialog box may be embedded within the notification.The dialog box may include the panels of the GUI or information that thethird party requesting remote access may have to access to fix theproposed problem and a brief description indicating whether these panelsof the GUI and information may be restricted or anonymized during theremote access session of the third party. At the bottom of the dialogbox, the designated administrator may be prompted as to whether thedesignated administrator requests temporary changes to the pre-definedpermissions, and the designated administrator may click the “Yes” or“No” buttons underneath the prompt on temporary changes of permissions.Therefore, the designated administrator may temporarily change thepermissions that the third party requesting remote access may obtain.The designated administrator may provide only temporary changes for thecurrent remote access session without changing the previously defineddefault permissions.

Continuing the previous example, since the department manager confirmedthe proposed problem, the GUI restriction and anonymization program 110a and 110 b sends the department manager and the unresponsive customersystem administrator an email notification. A dialog box is embedded inthe email notification, which includes the panels of the GUI orinformation that the third party requesting remote access may have toaccess to fix the proposed problem and a brief description indicatingwhether these panels of the GUI and information are restricted oranonymized. At the bottom of the dialog box, the department manager isasked whether the department manager requests temporary changes to thepre-defined permissions with “Yes” or “No” buttons underneath. Thedialog box states that the Tech Support representative may have toobtain access to the several sensitive files which are passwordprotected. The names and location of these sensitive files are includedin the dialog box for the review of the department manager. In addition,the dialog box confirms that certain default pre-defined settings, suchas IP addresses, personal identifiers (e.g., social security numbers,names, personal addresses, and account numbers), and other sensitiveinformation are anonymized during the remote access session of the thirdparty and may not be changed. The department manager decides totemporarily change the permissions to remove the password protection onthe sensitive files. As such, the department manager clicks “Yes” at thebottom of the dialog box to temporarily change the permissions on theclient computer 102.

If the GUI restriction and anonymization program 110 a and 110 bdetermines that the designated administrator decides not to implementnew temporary changes to the permissions at 210, then the GUIrestriction and anonymization program 110 a and 110 b will issue aresponse with respect to the remote access to the customer systemadministrator, secondary person (if applicable) and the third partyrequesting remote access at 212. The email notification may confirm thatno changes were made to the permissions on the client computer 102.Continuing the previous example, if the department manager selected “No”to temporary changes to the permissions on the client computer 102, thenthe GUI restriction and anonymization program 110 a and 110 b will issuean email notification to the customer system administrator, departmentmanager and the Tech Support representative stating that no permissionchanges were made to the client computer 102.

If, however, the GUI restriction and anonymization program 110 a and 110b determines that the designated administrator decides to temporarilychange the permissions at 210, then the GUI restriction andanonymization program 110 a and 110 b may proceed to the temporary levelof access at 214. When the designated administrator selects the optionto implement temporary permission changes, another dialog box mayappear. The dialog box may include a list of all the previously definedpermissions. Next, to each permission may be a designation to includewhether that part of the GUI or information is restricted or anonymized.Except the default permissions which may not be changed, the permissionsmay have a box next to each designation in which the designatedadministrator may click to change the designation. Therefore, thedesignated administrator may change a designation, for example, fromrestricted to unrestricted, anonymized to not anonymized by clicking thebox next to the appropriate permission in the dialog box. At the bottomof the dialog box may be a “Submit” button which the designatedadministrator may click when all temporary changes have been made.Thereafter, the GUI restriction and anonymization program 110 a and 110b may implement the temporary permission changes and the third party mayproceed to the temporary level of access for the client computer 102using the newly defined temporary permissions.

Continuing the previous example, since the department manager decided toimplement temporary changes on the permissions of the client computer102, another dialog box is presented in which the department managerclicks on a box next to the several password-protected sensitive filesto indicate that the department manager is changing the permissions forthe files. The department manager, then, clicks the “Submit” button.Thereafter, the department manager is prompted to enter the password toremove the password protection on sensitive files. The departmentmanager provides the password previously provided by the customer systemadministrator and the prompt and the dialog box disappears.

If the GUI restriction and anonymization program 110 a and 110 b issuesa response to remote access at 212, or proceeds to the temporary levelof access at 214, then, at 216, the third party requesting remote accessgains access to the client computer 102. The access granted to the thirdparty may be limited to the permissions gained by the designatedadministrator. Therefore, the third party may attempt to fix the problemto the client computer 102 based on the permissions provided by thedesignated administrator. Continuing the previous example, the TechSupport representative will gain remote access to the client computer102 to fix the problem. Based on the default settings and the temporarypermission changes made by the department manager, the Tech Supportrepresentative will have access to the several sensitive files that werepreviously password protected. The default settings, however, willremain, such as IP addresses, personal identifiers (e.g., socialsecurity numbers, names, personal addresses and account numbers), andother confidential information remain anonymized and unchanged.

If the client computer 102 problem is fixed, then the GUI restrictionand anonymization program 110 a and 110 b notifies the customer systemadministrator, secondary person (if applicable), and the third partythat the client computer 102 problem has been successfully resolved.Thereafter, the remote access session may end for the third party, andtemporary permission changes may automatically expire. Continuing theprevious example, after the Tech Support representative gains access tothe client computer 102 and the several sensitive files, the TechSupport representative fixes the problem with the client computer 102.Thereafter, the GUI restriction and anonymization program 110 a and 110b sends an email notification to the customer system administrator,department manager and Tech Support representative indicating that theproblem has been successfully resolved. The GUI restriction andanonymization program 110 a and 110 b, then, terminates the remoteaccess session and removes all temporary changes to the permissions tothe client computer 102. As such, the password protection is reinstatedfor the several sensitive files.

If the client computer 102 problem has not been fixed, then the GUIrestriction and anonymization program 110 a and 110 b notifies thecustomer system administrator, secondary person (if applicable) andthird party requesting remote access that the problem was not fixed. Theremote access session may be terminated. Then, GUI restriction andanonymization program 110 a and 110 b may return to the cognitiveprocessing system at 204 to reassess the problem and permissions. TheGUI restriction and anonymization program 110 a and 110 b may continueuntil either the problem is fixed, or the designated administratordecides to terminate the GUI restriction and anonymization program 110 aand 110 b by failing to confirm the proposed problem at 206, or shuttingdown the client computer 102 and not restarting the GUI restriction andanonymization program 110 a and 110 b.

Continuing the previous example, if the GUI restriction andanonymization program 110 a and 110 b determines that the problem hasnot been fixed during the remote access session, then the Tech Supportrepresentative, customer system administrator and department managerwill receive email notification indicating the problem has not beresolved. The remote access session is terminated, and the cognitiveprocessing system at 204 will reassess the problem and permissions thatthe Tech Support representative should obtain to fix the problem and toconfirm the proposed problem with the client computer 102. The GUIrestriction and anonymization program 110 a and 110 b may continue untilthe problem is fixed, or the department manager decides to terminate theGUI restriction and anonymization program 110 a and 110 b by failing toconfirm the proposed problem at 206, or shutting down the clientcomputer 102 and failing to restart the GUI restriction andanonymization program 110 a and 110 b.

It may be appreciated that FIG. 2 provides only an illustration of oneembodiment and does not imply any limitations with regard to howdifferent embodiments may be implemented. Many modifications to thedepicted embodiment(s) may be made based on design and implementationrequirements.

FIG. 3 is a block diagram 900 of internal and external components ofcomputers depicted in FIG. 1 in accordance with an illustrativeembodiment of the present invention. It should be appreciated that FIG.3 provides only an illustration of one implementation and does not implyany limitations with regard to the environments in which differentembodiments may be implemented. Many modifications to the depictedenvironments may be made based on design and implementationrequirements.

Data processing system 902, 904 is representative of any electronicdevice capable of executing machine-readable program instructions. Dataprocessing system 902, 904 may be representative of a smart phone, acomputer system, PDA, or other electronic devices. Examples of computingsystems, environments, and/or configurations that may represented bydata processing system 902, 904 include, but are not limited to,personal computer systems, server computer systems, thin clients, thickclients, hand-held or laptop devices, multiprocessor systems,microprocessor-based systems, network PCs, minicomputer systems, anddistributed cloud computing environments that include any of the abovesystems or devices.

User client computer 102 and network server 112 may include respectivesets of internal components 902 a, b and external components 904 a, billustrated in FIG. 3. Each of the sets of internal components 902 a, bincludes one or more processors 906, one or more computer-readable RAMs908, and one or more computer-readable ROMs 910 on one or more buses912, and one or more operating systems 914 and one or morecomputer-readable tangible storage devices 916. The one or moreoperating systems 914, the software program 108 and the GUI restrictionand anonymization program 110 a in client computer 102, and the GUIrestriction and anonymization program 110 b in network server 112 may bestored on one or more computer-readable tangible storage devices 916 forexecution by one or more processors 906 via one or more RAMs 908 (whichtypically include cache memory). In the embodiment illustrated in FIG.3, each of the computer-readable tangible storage devices 916 is amagnetic disk storage device of an internal hard drive. Alternatively,each of the computer-readable tangible storage devices 916 is asemiconductor storage device such as ROM 910, EPROM, flash memory or anyother computer-readable tangible storage device that can store acomputer program and digital information.

Each set of internal components 902 a, b also includes a R/W drive orinterface 918 to read from and write to one or more portablecomputer-readable tangible storage devices 920 such as a CD-ROM, DVD,memory stick, magnetic tape, magnetic disk, optical disk orsemiconductor storage device. A software program, such as the softwareprogram 108 and the GUI restriction and anonymization program 110 a and110 b can be stored on one or more of the respective portablecomputer-readable tangible storage devices 920, read via the respectiveR/W drive or interface 918, and loaded into the respective hard drive916.

Each set of internal components 902 a, b may also include networkadapters (or switch port cards) or interfaces 922 such as a TCP/IPadapter cards, wireless Wi-Fi interface cards, or 3G or 4G wirelessinterface cards or other wired or wireless communication links. Thesoftware program 108 and the GUI restriction and anonymization program110 a in client computer 102 and the GUI restriction and anonymizationprogram 110 b in network server computer 112 can be downloaded from anexternal computer (e.g., server) via a network (for example, theInternet, a local area network or other, wide area network) andrespective network adapters or interfaces 922. From the network adapters(or switch port adaptors) or interfaces 922, the software program 108and the GUI restriction and anonymization program 110 a in clientcomputer 102 and the GUI restriction and anonymization program 110 b innetwork server computer 112 are loaded into the respective hard drive916. The network may comprise copper wires, optical fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers.

Each of the sets of external components 904 a, b can include a computerdisplay monitor 924, a keyboard 926, and a computer mouse 928. Externalcomponents 904 a, b can also include touch screens, virtual keyboards,touch pads, pointing devices, and other human interface devices. Each ofthe sets of internal components 902 a, b also includes device drivers930 to interface to computer display monitor 924, keyboard 926, andcomputer mouse 928. The device drivers 930, R/W drive or interface 918,and network adapter or interface 922 comprise hardware and software(stored in storage device 916 and/or ROM 910).

It is understood in advance that although this disclosure includes adetailed description on cloud computing, implementation of the teachingsrecited herein are not limited to a cloud computing environment. Rather,embodiments of the present invention are capable of being implemented inconjunction with any other type of computing environment now known orlater developed.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based e-mail).The consumer does not manage or control the underlying cloudinfrastructure including network, servers, operating systems, storage,or even individual application capabilities, with the possible exceptionof limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Analytics as a Service (AaaS): the capability provided to the consumeris to use web-based or cloud-based networks (i.e., infrastructure) toaccess an analytics platform. Analytics platforms may include access toanalytics software resources or may include access to relevantdatabases, corpora, servers, operating systems or storage. The consumerdoes not manage or control the underlying web-based or cloud-basedinfrastructure including databases, corpora, servers, operating systemsor storage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forload-balancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 4, illustrative cloud computing environment 1000is depicted. As shown, cloud computing environment 1000 comprises one ormore cloud computing nodes 100 with which local computing devices usedby cloud consumers, such as, for example, personal digital assistant(PDA) or cellular telephone 1000A, desktop computer 1000B, laptopcomputer 1000C, and/or automobile computer system 1000N may communicate.Nodes 100 may communicate with one another. They may be grouped (notshown) physically or virtually, in one or more networks, such asPrivate, Community, Public, or Hybrid clouds as described hereinabove,or a combination thereof. This allows cloud computing environment 1000to offer infrastructure, platforms and/or software as services for whicha cloud consumer does not need to maintain resources on a localcomputing device. It is understood that the types of computing devices1000A-N shown in FIG. 4 are intended to be illustrative only and thatcomputing nodes 100 and cloud computing environment 1000 can communicatewith any type of computerized device over any type of network and/ornetwork addressable connection (e.g., using a web browser).

Referring now to FIG. 5, a set of functional abstraction layers 1100provided by cloud computing environment 1000 is shown. It should beunderstood in advance that the components, layers, and functions shownin FIG. 5 are intended to be illustrative only and embodiments of theinvention are not limited thereto. As depicted, the following layers andcorresponding functions are provided:

Hardware and software layer 1102 includes hardware and softwarecomponents. Examples of hardware components include: mainframes 1104;RISC (Reduced Instruction Set Computer) architecture based servers 1106;servers 1108; blade servers 1110; storage devices 1112; and networks andnetworking components 1114. In some embodiments, software componentsinclude network application server software 1116 and database software1118.

Virtualization layer 1120 provides an abstraction layer from which thefollowing examples of virtual entities may be provided: virtual servers1122; virtual storage 1124; virtual networks 1126, including virtualprivate networks; virtual applications and operating systems 1128; andvirtual clients 1130.

In one example, management layer 1132 may provide the functionsdescribed below. Resource provisioning 1134 provides dynamic procurementof computing resources and other resources that are utilized to performtasks within the cloud computing environment. Metering and Pricing 1136provide cost tracking as resources are utilized within the cloudcomputing environment, and billing or invoicing for consumption of theseresources. In one example, these resources may comprise applicationsoftware licenses. Security provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.User portal 1138 provides access to the cloud computing environment forconsumers and system administrators. Service level management 1140provides cloud computing resource allocation and management such thatrequired service levels are met. Service Level Agreement (SLA) planningand fulfillment 1142 provide pre-arrangement for, and procurement of,cloud computing resources for which a future requirement is anticipatedin accordance with an SLA.

Workloads layer 1144 provides examples of functionality for which thecloud computing environment may be utilized. Examples of workloads andfunctions which may be provided from this layer include: mapping andnavigation 1146; software development and lifecycle management 1148;virtual classroom education delivery 1150; data analytics processing1152; transaction processing 1154; and GUI restriction and anonymization1156. A GUI restriction and anonymization program 110 a, 110 b providesa way to allow the user to anonymize the GUI or restrict access to theGUI while another person remotely accesses the user's computer system.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

What is claimed is:
 1. A method for restricting and anonymizing agraphical user interface for a remote access session, the methodcomprising: determining a plurality of appropriate permissions for thegraphical user interface of a client computer for fixing a problem,wherein the determined plurality of appropriate permissions isstructured based on the problem by a plurality of error messages,wherein the plurality of error messages includes one or more sets ofif-then protocols, wherein a plurality of sensitive data is determinedwithin the graphical user interface based on the determined plurality ofappropriate permissions, wherein the plurality of sensitive data isanonymized; and determining a plurality of restricted graphical userinterface panels associated with the graphical user interface, whereinthe determined plurality of restricted graphical user interface panelsincludes a minimum access level for a third party to fix the problem. 2.The method of claim 1, further comprising: receiving a remote accessrequest, from the third party, to fix the problem associated with theclient computer; and determining the problem associated with the clientcomputer.
 3. The method of claim 1, further comprising: presenting theproblem and the determined plurality of appropriate permissions to auser; and receiving a user confirmation, wherein the user confirmationindicates the user agrees with the problem.
 4. The method of claim 1,further comprising: receiving a user decision to change a plurality ofpreviously defined permissions in response to presenting the determinedplurality of appropriate permissions to the user; and changing thedetermined plurality of appropriate permissions before granting theremote access session to the third party.
 5. The method of claim 1,further comprising: receiving a user decision to change a plurality ofpreviously defined permissions in response to presenting the determinedplurality of appropriate permissions to the user; and changing thedetermined plurality of appropriate permissions based on the receiveduser decision, wherein the changed plurality of appropriate permissionsapply for a duration of the remote access session of the third party. 6.The method of claim 1, wherein determining the plurality of appropriatepermissions for the graphical user interface of the client computer forfixing the problem, further comprises: determining a graphical userinterface panel associated with the problem; determining the pluralityof restricted graphical user interface panels associated with thegraphical user interface; determining the plurality of appropriatepermissions based on the plurality of restricted graphical userinterface panels and a plurality of anonymized data to fix the problem;and presenting to a user the determined plurality of appropriatepermissions.
 7. The method of claim 6, further comprising: determiningthat the user applied a plurality of temporary changes to the determinedplurality of appropriate permissions; and granting remote access to thethird party to fix the problem, wherein the third party is allowedaccess based on the determined plurality of temporary changes.
 8. Themethod of claim 6, further comprising: determining that no changes weremade to determined plurality of appropriate permissions in the graphicaluser interface; and granting remote access to the third party to fix theproblem, wherein the third party is allowed access based on thedetermined plurality of appropriate permissions.
 9. The method of claim7, further comprising: terminating the granted remote access to thethird party; and reverting the plurality of temporary changes back tothe plurality of previously defined permissions corresponding with thedetermined plurality of appropriate permissions.
 10. The method of claim3, further comprising: determining the user is not currently at theclient computer; notifying the user of a remote access request by analternate electronic method; and receiving from the user a confirmationof the problem by the alternate electronic method, wherein the receivedconfirmation includes a decision indicating whether to change thedetermined plurality of appropriate permissions.
 11. A computer systemfor restricting and anonymizing a graphical user interface for a remoteaccess session, comprising: one or more processors, one or morecomputer-readable memories, one or more computer-readable tangiblestorage medium, and program instructions stored on at least one of theone or more tangible storage medium for execution by at least one of theone or more processors via at least one of the one or more memories,wherein the computer system is capable of performing a methodcomprising: determining a plurality of appropriate permissions for thegraphical user interface of a client computer for fixing a problem,wherein the determined plurality of appropriate permissions isstructured based on the problem by a plurality of error messages,wherein the plurality of error messages includes one or more sets ofif-then protocols, wherein a plurality of sensitive data is determinedwithin the graphical user interface based on the determined plurality ofappropriate permissions, wherein the plurality of sensitive data isanonymized; and determining a plurality of restricted graphical userinterface panels associated with the graphical user interface, whereinthe determined plurality of restricted graphical user interface panelsincludes a minimum access level for a third party to fix the problem.12. The computer system of claim 11, further comprising: receiving aremote access request, from the third party, to fix the problemassociated with the client computer; and determining the problemassociated with the client computer.
 13. The computer system of claim11, further comprising: presenting the problem and the determinedplurality of appropriate permissions to a user; and receiving a userconfirmation, wherein the user confirmation indicates the user agreeswith the problem.
 14. The computer system of claim 11, furthercomprising: receiving a user decision to change a plurality ofpreviously defined permissions in response to presenting the determinedplurality of appropriate permissions to the user; and changing thedetermined plurality of appropriate permissions before granting theremote access session to the third party.
 15. The computer system ofclaim 11, further comprising: receiving a user decision to change aplurality of previously defined permissions in response to presentingthe determined plurality of appropriate permissions to the user; andchanging the determined plurality of appropriate permissions based onthe received user decision, wherein the changed plurality of appropriatepermissions apply for a duration of the remote access session of thethird party.
 16. A computer program product for restricting andanonymizing a graphical user interface for a remote access session,comprising: one or more computer-readable storage media and programinstructions stored on at least one of the one or more tangible storagemedia, the program instructions executable by a processor to cause theprocessor to perform a method comprising: determining a plurality ofappropriate permissions for the graphical user interface of a clientcomputer for fixing a problem, wherein the determined plurality ofappropriate permissions is structured based on the problem by aplurality of error messages, wherein the plurality of error messagesincludes one or more sets of if-then protocols, wherein a plurality ofsensitive data is determined within the graphical user interface basedon the determined plurality of appropriate permissions, wherein theplurality of sensitive data is anonymized; and determining a pluralityof restricted graphical user interface panels associated with thegraphical user interface, wherein the determined plurality of restrictedgraphical user interface panels includes a minimum access level for athird party to fix the problem.
 17. The computer program product ofclaim 16, further comprising: receiving a remote access request, fromthe third party, to fix the problem associated with the client computer;and determining the problem associated with the client computer.
 18. Thecomputer program product of claim 16, further comprising: presenting theproblem and the determined plurality of appropriate permissions to auser; and receiving a user confirmation, wherein the user confirmationindicates the user agrees with the problem.
 19. The computer programproduct of claim 16, further comprising: receiving a user decision tochange a plurality of previously defined permissions in response topresenting the determined plurality of appropriate permissions to theuser; and changing the determined plurality of appropriate permissionsbefore granting the remote access session to the third party.
 20. Thecomputer program product of claim 16, further comprising: receiving auser decision to change a plurality of previously defined permissions inresponse to presenting the determined plurality of appropriatepermissions to the user; and changing the determined plurality ofappropriate permissions based on the received user decision, wherein thechanged plurality of appropriate permissions apply for a duration of theremote access session of the third party.